Diffstat (limited to 'main/musl')
-rw-r--r-- | main/musl/0001-fix-strftime-y-for-negative-years.patch | 34 | ||||
-rw-r--r-- | main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch | 44 | ||||
-rw-r--r-- | main/musl/APKBUILD | 10 |
3 files changed, 87 insertions, 1 deletions
diff --git a/main/musl/0001-fix-strftime-y-for-negative-years.patch b/main/musl/0001-fix-strftime-y-for-negative-years.patch
new file mode 100644
index 0000000000..85d21c7e3f
--- /dev/null
+++ b/main/musl/0001-fix-strftime-y-for-negative-years.patch
@@ -0,0 +1,34 @@
+From 61fb81e3959ecf0848eef8d2767bb80ae5d1a68e Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Mon, 2 Jan 2017 17:30:40 -0500
+Subject: [PATCH 1/2] fix strftime %y for negative years
+
+commit 583ea83541dcc6481c7a1bd1a9b485526bad84a1 fixed the case where
+tm_year is negative but the resulting year (offset by 1900) was still
+positive, which is always the case for time_t values that fit in 32
+bits, but not for arbitrary inputs.
+
+based on an earlier patch by Julien Ramseier which was overlooked at
+the time the previous fix was applied.
+---
+ src/time/strftime.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/time/strftime.c b/src/time/strftime.c
+index e103e02b7204..a30392044bf8 100644
+--- a/src/time/strftime.c
++++ b/src/time/strftime.c
+@@ -166,8 +166,8 @@ const char *__strftime_fmt_1(char (*s)[100], size_t *l, int f, const struct tm *
+ item = T_FMT;
+ goto nl_strftime;
+ case 'y':
+- val = tm->tm_year % 100;
+- if (val<0) val += 100;
++ val = (tm->tm_year + 1900LL) % 100;
++ if (val < 0) val = -val;
+ goto number;
+ case 'Y':
+ val = tm->tm_year + 1900LL;
+--
+2.8.3
+
diff --git a/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch b/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
new file mode 100644
index 0000000000..db1083531b
--- /dev/null
+++ b/main/musl/0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch
@@ -0,0 +1,44 @@
+From 769f53598e781ffc89191520f3f8a93cb58db91f Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Mon, 2 Jan 2017 19:47:12 -0500
+Subject: [PATCH 2/2] make globfree safe after failed glob from over-length
+ argument
+
+commit 0dc99ac413d8bc054a2e95578475c7122455eee8 added input length
+checking to avoid unsafe VLA allocation, but put it in the wrong
+place, before the glob_t structure was zeroed out. while POSIX isn't
+clear on whether it's permitted to call globfree after glob failed
+with GLOB_NOSPACE, making it safe is clearly better than letting
+uninitialized pointers get passed to free in non-conforming callers.
+
+while we're fixing this, change strlen check to the idiomatic strnlen
+version to avoid unbounded input scanning before returning an error.
+---
+ src/regex/glob.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/regex/glob.c b/src/regex/glob.c
+index 6affee040c31..5b6ff1247f43 100644
+--- a/src/regex/glob.c
++++ b/src/regex/glob.c
+@@ -169,8 +169,6 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i
+ d = "";
+ }
+
+- if (strlen(p) > PATH_MAX) return GLOB_NOSPACE;
+-
+ if (!errfunc) errfunc = ignore_err;
+
+ if (!(flags & GLOB_APPEND)) {
+@@ -179,6 +177,8 @@ int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, i
+ g->gl_pathv = NULL;
+ }
+
++ if (strnlen(p, PATH_MAX+1) > PATH_MAX) return GLOB_NOSPACE;
++
+ if (*p) error = match_in_dir(d, p, flags, errfunc, &tail);
+ if (error == GLOB_NOSPACE) {
+ freelist(&head);
+--
+2.8.3
+
diff --git a/main/musl/APKBUILD b/main/musl/APKBUILD
index dd3dccf417..233908e4e9 100644
--- a/main/musl/APKBUILD
+++ b/main/musl/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Timo Teräs <timo.teras@iki.fi>
 pkgname=musl
 pkgver=1.1.16
-pkgrel=0
+pkgrel=1
 pkgdesc="the musl c library (libc) implementation"
 url="http://www.musl-libc.org/"
 arch="all"
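Review bot: The relocated length check in the second glob.c hunk carried by 0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch is only correct because of where it sits: after the `if (!(flags & GLOB_APPEND))` reset, so that `globfree` sees initialised fields on the `GLOB_NOSPACE` return, and before the `match_in_dir` call, since the commit message says the bound exists to prevent an unsafe VLA allocation (presumably made during matching). Nothing in the code records that ordering, so a comment on the check would keep a later refactor from moving it back, for example `/* keep after the gl_pathv reset and before match_in_dir: bounds the pattern length and leaves *g safe for globfree */`. When `GLOB_APPEND` is set the reset is skipped, so on this error path the structure is only as valid as the caller left it; that looks intentional, but it is worth saying in the same comment. The body of `glob` starts and ends outside the hunk.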
@@ -13,6 +13,8 @@ makedepends="$depends_dev" subpackages="$pkgname-dev $pkgname-dbg libc6-compat:compat:noarch" [ "$BOOTSTRAP" != "nolibc" ] && subpackages="$subpackages $pkgname-utils" source="http://www.musl-libc.org/releases/musl-$pkgver.tar.gz + 0001-fix-strftime-y-for-negative-years.patch + 0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch ldconfig __stack_chk_fail_local.c 
@@ -125,18 +127,24 @@ compat() { } md5sums="ac52ccaec6b06ab0f289d37e8436859b musl-1.1.16.tar.gz +d9da36992a9ccd200242b38b67823b95 0001-fix-strftime-y-for-negative-years.patch +93a7dfa98dff324f2242d10f7c2d68f8 0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch 830d01f7821b978df770b06db3790921 ldconfig 0df687757221bbb0fc1aa67f1bd646f9 __stack_chk_fail_local.c 57ef2c63b9ec6a2041694ace97d4ffa2 getconf.c eadc8794eadb79dbc383b2b91a32084d getent.c 45f92f8d59cf84d765de698a9578dbf4 iconv.c" sha256sums="937185a5e5d721050306cf106507a006c3f1f86d86cd550024ea7be909071011 musl-1.1.16.tar.gz +ec5209fe48aa54a859cc034557b7cca8307adaf345b3f7c061e0b284eee00ccc 0001-fix-strftime-y-for-negative-years.patch +b8c92e4c6c60b67fde4eab3465041c12a942a319501710babaf3b6ead381bd95 0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch b4a2c06db38742e8c42c3c9838b285a7d8cdac6c091ff3df5ff9a15f1e41b9c7 ldconfig 299a7d75a09de3e2e11e7fb4acc3182e4a14e868093d2f30938fce9bfcff13da __stack_chk_fail_local.c d87d0cbb3690ae2c5d8cc218349fd8278b93855dd625deaf7ae50e320aad247c getconf.c b323f20c9bf560a13c877eb05428bc4a203383697bac763e7b12865db5c5922c getent.c f79a2930a2e5bb0624321589edf8b889d1e9b603e01e6b7ae214616605b3fdd7 iconv.c" sha512sums="47c00e50b7605102fb4aebe1f9ba9db94d26fac64805f6d744c9c557a05b8a58dff7f9558ff7c8d66b5d7c43740cdc2dd79448bacac47f1414e6ada99c210140 musl-1.1.16.tar.gz +74e95ab3a74513e7a0513e004c376d4055eca0e21162e717dfcab249302a9060d3ac3eb88b562dea14b71b475b4dd2f703e355e2f5050b58891a848c5093c5f6 0001-fix-strftime-y-for-negative-years.patch +04805970e7dc11f84a86df49688f3b7670933860192e99637e189494c261e49b3cce1d80019d69341452062df03d5a349450015076c947296ac4a0d40e5789f4 0002-make-globfree-safe-after-failed-glob-from-over-lengt.patch 8d3a2d5315fc56fee7da9abb8b89bb38c6046c33d154c10d168fb35bfde6b0cf9f13042a3bceee34daf091bc409d699223735dcf19f382eeee1f6be34154f26f ldconfig 
062bb49fa54839010acd4af113e20f7263dde1c8a2ca359b5fb2661ef9ed9d84a0f7c3bc10c25dcfa10bb3c5a4874588dff636ac43d5dbb3d748d75400756d0b __stack_chk_fail_local.c 0d80f37b34a35e3d14b012257c50862dfeb9d2c81139ea2dfa101d981d093b009b9fa450ba27a708ac59377a48626971dfc58e20a3799084a65777a0c32cbc7d getconf.c |